-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/06/2013 12:55 PM, Les Mikesell wrote:
> On Wed, Nov 6, 2013 at 11:01 AM, Daniel J Walsh wrote:
>
SELinux blocks "confined" processes, but usually does not block the
administrator who is running as unconfined_t, and is allowed to do
On Wed, Nov 6, 2013 at 11:01 AM, Daniel J Walsh wrote:
>>> SELinux blocks "confined" processes, but usually does not block the
>>> administrator who is running as unconfined_t, and is allowed to do
>>> everything he could do if SELinux was disabled.
>>>
>>> Confined processes are targeted to syst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/06/2013 11:55 AM, Les Mikesell wrote:
> On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh wrote:
>>
>> SELinux blocks "confined" processes, but usually does not block the
>> administrator who is running as unconfined_t, and is allowed to do
>> ev
On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh wrote:
>
> SELinux blocks "confined" processes, but usually does not block the
> administrator who is running as unconfined_t, and is allowed to do everything
> he could do if SELinux was disabled.
>
> Confined processes are targeted to system service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/05/2013 05:13 PM, Wes James wrote:
> When does echo 0 > /selinux/inforce need to be used? I.e., where is
> selinux enforcing itself on the system to protect it? When I do yum
> install of some package, it seems to work (not being blocked). W
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/05/2013 05:13 PM, Wes James wrote:
First you should use setenforce 0/setenforce 1.
Theoretically never. It should really be discouraged. It is like the
Enterprise bringing it "Shields" down.
SELinux in permissive mode will continue to do acc
On Tue, Nov 5, 2013 at 11:35 PM, Phil Gardner wrote:
>
>
> On 11/05/2013 06:13 PM, Wes James wrote:
> > On Tue, Nov 5, 2013 at 4:01 PM, Keith Keller <
> > kkel...@wombat.san-francisco.ca.us> wrote:
> >
> >> On 2013-11-05, Wes James wrote:
> >>>
> >>> Why not use some other linux that doesn't use
On 11/05/2013 06:13 PM, Wes James wrote:
> On Tue, Nov 5, 2013 at 4:01 PM, Keith Keller <
> kkel...@wombat.san-francisco.ca.us> wrote:
>
>> On 2013-11-05, Wes James wrote:
>>>
>>> Why not use some other linux that doesn't use selinux then?
>>
>> If it were harder to disable (either temporarily o
On Tue, Nov 5, 2013 at 4:01 PM, Keith Keller <
kkel...@wombat.san-francisco.ca.us> wrote:
> On 2013-11-05, Wes James wrote:
> >
> > Why not use some other linux that doesn't use selinux then?
>
> If it were harder to disable (either temporarily or permanently) then I
> could see someone making th
On 2013-11-05, Wes James wrote:
>
> Why not use some other linux that doesn't use selinux then?
If it were harder to disable (either temporarily or permanently) then I
could see someone making this case. But it's trivial to disable SELinux
in CentOS, so there's no real reason to use a different
On Tue, Nov 5, 2013 at 3:53 PM, wrote:
> Wes James wrote:
> > On Tue, Nov 5, 2013 at 3:38 PM, wrote:
> >
>
> >>
> >> mark "NOT a fan of selinux, dealt with it far too much"
> >>
> > OK. Why not use some other linux that doesn't use selinux then? I guess
> > in permissive mode, you cou
Wes James wrote:
> On Tue, Nov 5, 2013 at 3:38 PM, wrote:
>
>> John R Pierce wrote:
>> > On 11/5/2013 2:15 PM, m.r...@5-cent.us wrote:
>> >> Wes James wrote:
>> >>> >When does echo 0 > /selinux/inforce need to be used? I.e., where
>> >>> is selinux enforcing itself on the system to protect it? W
On Tue, Nov 5, 2013 at 3:38 PM, wrote:
> John R Pierce wrote:
> > On 11/5/2013 2:15 PM, m.r...@5-cent.us wrote:
> >> Wes James wrote:
> >>> >When does echo 0 > /selinux/inforce need to be used? I.e., where is
> >>> >selinux enforcing itself on the system to protect it? When I do yum
> >>> >inst
John R Pierce wrote:
> On 11/5/2013 2:15 PM, m.r...@5-cent.us wrote:
>> Wes James wrote:
>>> >When does echo 0 > /selinux/inforce need to be used? I.e., where is
>>> >selinux enforcing itself on the system to protect it? When I do yum
>>> >install of some package, it seems to work (not being bloc
On Tue, Nov 5, 2013 at 3:28 PM, John R Pierce wrote:
> On 11/5/2013 2:15 PM, m.r...@5-cent.us wrote:
> > Wes James wrote:
> >> >When does echo 0 > /selinux/inforce need to be used? I.e., where is
> >> >selinux enforcing itself on the system to protect it? When I do yum
> >> >install of some pac
On 11/5/2013 2:15 PM, m.r...@5-cent.us wrote:
> Wes James wrote:
>> >When does echo 0 > /selinux/inforce need to be used? I.e., where is
>> >selinux enforcing itself on the system to protect it? When I do yum
>> >install of some package, it seems to work (not being blocked). When would
>> >doing
Wes James wrote:
> When does echo 0 > /selinux/inforce need to be used? I.e., where is
> selinux enforcing itself on the system to protect it? When I do yum
> install of some package, it seems to work (not being blocked). When would
> doing something not work because selinux is watching it (or w
When does echo 0 > /selinux/inforce need to be used? I.e., where is
selinux enforcing itself on the system to protect it? When I do yum
install of some package, it seems to work (not being blocked). When would
doing something not work because selinux is watching it (or whatever that
process is d
18 matches
Mail list logo